Set up SAML for SSO with Aumni

Aumni can integrate with any identity provider (IdP) as long as it supports Security Assertion Markup Language (SAML). To learn more about how to add single sign-on (SSO) capabilities to your account, reach out to your customer success team. 

About SAML single sign-on

SAML is an open standard for transferring identity, authentication, and authorization data between parties, such as an IdP and a service provider. SAML for single sign-on (SSO) allows authentication of Aumni users through your company’s IdP when you log in to the Aumni platform, making it convenient and more secure to access your account. 

Setting up SSO

  1. To establish trust with Aumni, add an Entity ID, an Assertion Consumer Service (ACS) URL, and a Signing certificate in your identity provider (IdP).
      • The Entity ID is the URL that uniquely identifies Aumni as a SAML entity or service provider.
      • The Assertion Consumer Service (ACS) URL is the endpoint on the Aumni side that listens for responses from your identity provider, enabling communication between your IdP and Aumni. This URL is sometimes called a Reply or Callback URL.
      • The Signing certificate is the Aumni certificate, stored on your server, that is needed to maintain the trust relationship. It contains the public key needed for authentication.
      • The Aumni SAML Metadata is a public endpoint that contains Aumni’s X509 certificate and the other SAML configuration details already called out in this document. It is included here for reference only.

Use these details to set up the connection with your Identity provider (IdP):

Entity ID:                  urn:auth0:aumni:saml-company-name
ACS URL:                    https://aumni.auth0.com/login/callback?connection=saml-company-name
Aumni Signing Certificate:  https://aumni.auth0.com/pem
  * Please replace “company-name” with your organization’s name.


  2. To enrich your identity profile with Aumni, configure the following identity attributes in your IdP.

      • To map information from your identity provider to Aumni, name your user attributes as follows, using exactly the same capitalization and spelling.

email      The user’s email address
name       The name of the person to be authenticated
username   The person’s username for the identity provider

      • This is important because it helps enrich your user’s identity in our system and minimizes the potential for authentication issues.
      • If your user attributes do not match, the Aumni configuration for your SSO may take more time.
      • Once these steps have been completed, select Save in your IdP.

SAML information to provide to Aumni

Obtain the following information from your identity provider, and send these details to support@aumni.fund so we can begin to configure your SAML connection on our end:

Sign-in URL                    The URL for your identity provider’s sign-in page.
X509 Signing Certificate       The identity provider’s public key, encoded in Base64 format.
Sign-out URL                   Optional, but recommended. The URL to redirect to whenever a user logs out of Aumni.
User ID attribute              Optional; defaults to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier. This value uniquely identifies Aumni users; changing it later will result in a duplicate user being created.
Protocol binding               HTTP-POST is supported.
IdP initiated flow supported?  Aumni does not support the IdP-initiated login flow due to security risks. Only the SP-initiated login flow is supported.
Email domains and subdomains   The email domains and subdomains that need access to the SSO. This is used to configure HRD (Home Realm Discovery) for all of your associated email domains.

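As an added illustration (not Aumni’s or Auth0’s code), the following Python snippet shows the checks a service provider applies to a SAML Response based on the values in this article: the Destination must be the ACS URL, the Audience must be the Entity ID, the attribute names must match exactly, and an unsolicited response with no InResponseTo (the IdP-initiated flow) is rejected. The sample response is constructed for the example, and signature verification is assumed to happen in a separate step.

```python
# Added example (not Aumni's code): pre-flight checks a service provider applies to a
# SAML Response, using the article's values; "company-name" is kept as a placeholder.
# Signature verification (e.g. with xmlsec) is a separate step and is not shown here.
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ENTITY_ID = "urn:auth0:aumni:saml-company-name"
ACS_URL = "https://aumni.auth0.com/login/callback?connection=saml-company-name"
REQUIRED_ATTRIBUTES = {"email", "name", "username"}

def check_saml_response(xml_text, outstanding_request_ids):
    # Returns a list of problems; an empty list means the response passed these checks.
    problems = []
    root = ET.fromstring(xml_text)
    # SP-initiated only: an unsolicited (IdP-initiated) Response carries no InResponseTo.
    in_response_to = root.get("InResponseTo")
    if not in_response_to:
        problems.append("unsolicited response (no InResponseTo); IdP-initiated flow rejected")
    elif in_response_to not in outstanding_request_ids:
        problems.append(f"InResponseTo {in_response_to!r} matches no outstanding AuthnRequest")
    if root.get("Destination") != ACS_URL:
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element"]
    audience_path = "saml:Conditions/saml:AudienceRestriction/saml:Audience"
    audiences = {a.text for a in assertion.findall(audience_path, NS)}
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {sorted(audiences)} does not include the Entity ID")
    # Attribute names must match exactly (same capitalization and spelling).
    present = {a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    missing = REQUIRED_ATTRIBUTES - present
    if missing:
        problems.append(f"missing attributes: {sorted(missing)}")
    return problems

# Constructed sample response (not real traffic); the Signature element is omitted.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  InResponseTo="_req42" Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"/><saml:Attribute Name="name"/><saml:Attribute Name="Username"/>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
```

Running `check_saml_response(SAMPLE_RESPONSE, {"_req42"})` flags only the misspelled `Username` attribute, which is exactly the kind of mismatch that delays the SSO configuration.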
Additional FAQs

If you have questions or concerns, please reach out to support@aumni.fund.

As mentioned before, we are unable to support IdP-initiated logins at this time due to the security risks they present. A feasible workaround is to include a bookmark tile in your IdP that links to our login page (app.aumni.fund).

Furthermore, we do not support provisioning; this protects the security, confidentiality, and integrity of the data mappings within the system, which are handled carefully through checks and balances in the system.
